EP templates for Mojo::Pg

[rshadow]

How about addon to use .ep templates for queries? Example of named parameters:

$db->query('insert into names (name) values (<%= $name %>)', name => 'Sara');

Full support for perl will make it possible to build queries:

$db->query(q{
    select 
         *
    from 
        names
    where
        <% if(defined $name) { %>
            "name" = <%= $name %>
        <% } elseif( defined $id ) { %>
            "id" = <%= $id %>
        <% } %>
}, id => 1);

[jberger]

If you need something like this you can of course use Mojo::Template directly. That said, this is just begging to get sql-injection-attacked by people who don't understand what that is. I'm going to preemptively close this as I would see it as nearly a security issue if Mojo::Pg allowed this.

[mpapec]

Suggested approach could also use placeholders instead of directly using values.

[jberger]

Placeholders already exist. The only reason I can imagine for using templates is to do things that placeholders do not allow, like picking a column name dynamically for example (as the OP does).

[rshadow]

@jberger You're right about the sql-injection, so you can not directly use the Mojo::Template. It needs a hack to replace the values in the ?.

[rshadow]

If I try to make these templates. What namespace is better to use for the package?

[jberger]

I highly HIGHLY recommend prototyping this off of CPAN (as in, try it in a real application before putting it online). I consider any exploration of this kind of module to be really dangerous. Anyway this isn't the right place to discuss a new module, please either continue it on the universe mailing list (brand new!) https://groups.google.com/forum/#!forum/mojolicious-universe or else on prepan.